summaryrefslogtreecommitdiff
path: root/examples/monkeysphere-monitor-keys
blob: d121828c299ef372f55ac3191382553f08590973 (plain) 
    

  1. #!/bin/perl
    2. 

  2. 

  3. # This script runs in a loop, monitoring existing ~/.ssh and 
    4. 

  4. # ~/.monkeysphere directories for all users on the system. It's
    5. 

  5. # designed to be started at system start time and should run 
    6. 

  6. # as root.
    7. 

  7. #
    8. 

  8. # Optionally, pass the path to a file that is changed every
    9. 

  9. # time a user is added and this script will re-load the 
    10. 

  10. # list of directories to monitor to include new additions.
    11. 

  11. # 
    12. 

  12. # If liblinux-inotify2-perl is installed, then the Linux
    13. 

  13. # inotify method is used to determine if a file has changed.
    14. 

  14. # Otherwise, a generic/cross platform library is used.
    15. 

  15. #
    16. 

  16. # Known bugs: with inotify, if you pass /etc/passwd as the
    17. 

  17. # first argument, the script will not detect changes to the 
    18. 

  18. # file when a new user is added.
    19. 

  19. 

  20. use strict;
    21. 

  21. use File::ChangeNotify;
    22. 

  22. use File::Basename;
    23. 

  23. 

  24. sub get_home_dirs() {
    25. 

  25.   my @home_dirs;
    26. 

  26.   my @subdirs = ('.monkeysphere', '.ssh');
    27. 

  27.   # get list of users on the system
    28. 

  28.   while((my $name,my $passwd,my $uid,my $gid,my $gcos,my $dir,my $shell,my $home) = getpwent( )){
    29. 

  29.     # only monitor regular users
    30. 

  30.     if ( $uid >= 1000 ) {
    31. 

  31.       # The default watcher complains about non-existing directories
    32. 

  32.       # so you should include .monkeysphere and .ssh in /etc/skel
    33. 

  33.       # if you want them monitored for all users.
    34. 

  34.       for my $subdir (@subdirs) {
    35. 

  35.         if ( -d "$home/$subdir" ) {
    36. 

  36.           push(@home_dirs,"$home/$subdir");
    37. 

  37.         }
    38. 

  38.       }
    39. 

  39.     }
    40. 

  40.   }
    41. 

  41.   endpwent();
    42. 

  42.   return @home_dirs
    43. 

  43. }
    44. 

  44. 

  45. sub get_watcher {
    46. 

  46.   my($rescan_file) = $_[0]; 
    47. 

  47.   my(@dirs) = get_home_dirs(); 
    48. 

  48.   my @filters = ('authorized_keys', 'authorized_user_ids'); 
    49. 

  49. 

  50.   # if we have a rescan file that indicates when new users are added
    51. 

  51.   # then monitor that file as well (could be /etc/passwd)
    52. 

  52.   if ( -f "$rescan_file" ) {
    53. 

  53.     push(@dirs,dirname($rescan_file));
    54. 

  54.     push(@filters,basename($rescan_file));
    55. 

  55.   }
    56. 

  56.   # create combined file filters to limit our monitor
    57. 

  57.   my $filter = '^(' . join("|",@filters) . ')$';
    58. 

  58. 

  59.   # return a watcher object
    60. 

  60.   return my $watcher =
    61. 

  61.     File::ChangeNotify->instantiate_watcher
    62. 

  62.       ( directories => [ @dirs ],
    63. 

  63.         filter      => qr/$filter/, 
    64. 

  64.       );
    65. 

  65. }
    66. 

  66. 

  67. sub watch {
    68. 

  68.   my $watcher = $_[0];
    69. 

  69.   my $rescan_file = $_[1];
    70. 

  70. 

  71.   while ( my @events = $watcher->wait_for_events() ) { 
    72. 

  72.     my $rescan = 0;
    73. 

  73.     my @users;
    74. 

  74.     for my $event (@events) {
    75. 

  75.       if($event->path eq "$rescan_file") {
    76. 

  76.         $rescan = 1;
    77. 

  77.       } else {
    78. 

  78.         # if user deleted, file might not exist
    79. 

  79.         if( -f $event->path) {
    80. 

  80.           my $username = getpwuid((stat($event->path))[4]);
    81. 

  81.           push(@users,$username);
    82. 

  82.         }
    83. 

  83.       }
    84. 

  84.     }
    85. 

  85.     for my $user (@users) {
    86. 

  86.       my @args = ('u',$user);
    87. 

  87.       system 'monkeysphere-authentication', @args;
    88. 

  88.     }
    89. 

  89.     # rescan users if necessary
    90. 

  90.     if($rescan) {
    91. 

  91.       # return to loop so we can be re-run after re-reading the
    92. 

  92.       # user list 
    93. 

  93.       return;
    94. 

  94.     }
    95. 

  95.   }
    96. 

  96. }
    97. 

  97. 

  98. my $rescan_file = $ARGV[0];
    99. 

  99. while(1) { 
    100. 

  100.   my $watcher = get_watcher($rescan_file);
    101. 

  101.   watch($watcher, $rescan_file);
    102. 

  102. }
    103.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-15 00:25:11 +0000